diff options
author | Helmut Grohne <helmut@subdivi.de> | 2015-11-07 17:08:18 +0100 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2015-11-07 17:08:18 +0100 |
commit | 4d3f5807cc2505d791c72ad88aef42abdfd4bebb (patch) | |
tree | 025591a9a199ae167e28006c3e1fb3c85b471151 /hosts/jenkins/etc/apt/apt.conf.d/80proxy | |
parent | e6364055aef2d9d660349e060ec909f08d3943e1 (diff) | |
download | jenkins.debian.net-4d3f5807cc2505d791c72ad88aef42abdfd4bebb.tar.xz |
mitigate jenkins remote execute 0-day
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
It seems that two channels need to be secured. The first is a custom tcp
port which is firewalled anyway. The other part is urls starting with
/cli. Instead of filtering this entry point in jenkins (and thus
breaking bin/abort.sh), we apply the filtering in apache. Thus a local
execute vulnerability remains, but we didn't care about those earlier.
Diffstat (limited to 'hosts/jenkins/etc/apt/apt.conf.d/80proxy')
0 files changed, 0 insertions, 0 deletions